DHS Releases New Cyber Strategy

The U.S. Department of Homeland Security has released a new cyber strategy which sets a five year goal to “have improved national cybersecurity risk management by increasing security and resilience across government networks and critical infrastructure; decreasing illicit cyber activity; improving responses to cyber incidents; and fostering a more secure and reliable cyber ecosystem through a unified departmental approach, strong leadership, and close partnership with other federal and nonfederal entities.”

According to the DHS strategy, cyber threats have drastically increased:

“During the last several decades, advances in technology have fundamentally changed the world. Substantial growth in Internet access, use of Internet-enabled devices, and the availability of high speed information technology systems and large datasets have facilitated productivity, efficiencies, and capabilities across all major industries. The proliferation of technology also presents new cybersecurity challenges and leads to significant national risks. More than 20 billion devices are expected to be connected to the Internet by 2020. The risks introduced by the growing number and variety of such devices are substantial.

The United States faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace. Motivations include espionage, political and ideological interests, and financial gain. Nation-states continue to present a considerable cyber threat. But non-state actors are emerging with capabilities that match those of sophisticated nation-states. Criminal actors are increasingly empowered by modern information and communications technologies that enable them to grow in sophistication and transnational reach. Transnational criminal organizations also increasingly collaborate through cyberspace. Complicating the threat picture, nation-states are increasingly using proxies and other techniques that blur the distinction between state and non-state cyber activities. In a number of cases, malicious actors engaged in significant criminal cyber activity appear to have both criminal and nation-state affiliations.

These diverse threats can impact federal and nonfederal information systems. Attempted incursions into government networks occur on a daily basis; the number of cyber incidents on federal systems reported to DHS increased more than ten-fold between 2006 and 2015. In 2015, a high-profile intrusion into a single federal agency resulted in the compromise of personnel records of over 4 million federal employees and ultimately affected nearly 22 million people. The growing interconnection of cyber and physical systems within critical infrastructure also creates the potential risk for malicious cyber activity to result in direct physical consequences; for example, the December 2015 overriding of controls in the Ukrainian electric grid resulted in widespread loss of power. Ransomware incidents such as WannaCry and NotPetya demonstrate how the rapid growth of the internet-of-things further complicates the threat as everyday devices can be targeted by malicious cyber actors with potentially far-reaching consequences.

The broad availability, relatively low cost, and increasing capabilities of cyber tools also affect trends in the threats we face. Ransomware, for example, has evolved to attack both frontline systems and backup drives. Malicious cyber actors have successfully used ransomware to compromise maritime, travel control, and healthcare systems. The Darkweb facilitates the easy sale of illicit goods and services, such as firearms, forged passports, and malware, which threat actors may acquire and use. Malware kits and instructions are also readily available on the Darkweb. Malicious cyber tools sold on the Internet can be adapted to intrude into systems and otherwise commit criminal acts related to financial fraud, money laundering, intellectual property theft, or other illicit activities. The growing popularity of cryptocurrencies also presents challenges to countering money laundering and the work of law enforcement.”

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.